How Crypto Custody Works

Crypto custody is the question of who controls the private key. Three models dominate — self-custody, exchange custody, and qualified custody — each with distinct risk profiles, key management approaches, and regulatory frameworks.
Lewis Jackson
CEO and Founder

There's a phrase that gets repeated constantly in crypto: not your keys, not your coins. It's technically accurate, but it elides the more interesting question — what does it actually mean to "have" the keys, and what structures have been built around that problem?

Custody, in any financial system, is the question of who controls the asset. In traditional finance, custody usually means a bank or broker holds securities in your name — you have a claim, and the custodian has the asset. In crypto, custody means controlling a private key. The key is the asset. There's no intermediary that can restore access if it's lost, and there's no legal framework that automatically steps in if a custodian fails. Those gaps are closing, but slowly.

Three distinct custody models exist today. They differ in who controls the key, what legal protections apply, and what failure modes are possible.

The Three Models

Self-custody means you control the private key directly. This takes several forms: a hardware wallet (a physical device that generates and stores keys offline, like a Ledger or Trezor), a software wallet on a phone or desktop, or a paper wallet storing a key offline. In all cases, the key never leaves your possession — no company has access to it, no counterparty can freeze it, and no platform's insolvency affects it.

The trade-off is full responsibility. If the key is lost, access is gone permanently. If the seed phrase is stolen, the asset is gone permanently. Self-custody removes third-party risk but requires operational security that most people don't maintain consistently. The risk profile shifts from counterparty failure to personal failure.

Exchange custody (or custodial exchange accounts) is what most retail participants use. When you buy crypto on Coinbase, Kraken, or Binance, the exchange holds the private keys. You have an account balance — a claim on the exchange's reserves, not actual ownership of specific coins. This is functionally identical to how a bank account works: the bank holds the money, you have a deposit claim.

The convenience is obvious. You can reset passwords. You don't need to manage seed phrases. The risk is equally obvious: the exchange is a counterparty. If it's insolvent (FTX), hacked (Mt. Gox), frozen by regulators, or simply misconfigured, your claim can become worthless or temporarily inaccessible. The important point is that an "account balance" and "owning crypto" are legally and operationally different things.

Qualified custody is the institutional layer. Regulated custodians — Coinbase Custody, BitGo, Anchorage Digital, Fidelity Digital Assets — hold crypto on behalf of institutions under regulatory frameworks. In the US, the relevant standard is the SEC's "qualified custodian" definition under the Investment Advisers Act: a bank, broker-dealer, or trust company with appropriate licensing. Investment advisers managing client crypto are generally required to use qualified custodians, which is part of why the spot Bitcoin ETF approvals in early 2024 required Coinbase Custody as the custodian for multiple products.

Qualified custodians maintain segregated accounts per client, undergo SOC 2 audits, carry insurance against theft and operational failure, and are subject to regulatory examination. The key management at this layer is more sophisticated than personal hardware wallets — typically involving multi-signature schemes or multi-party computation.

Key Management: Multi-Sig vs MPC

Two technical approaches dominate institutional key management:

Multi-signature (multi-sig) requires multiple private keys to authorize a transaction. A 2-of-3 multi-sig, for example, needs any two of three keyholders to sign before a transaction executes. The keys exist as separate cryptographic objects, held in different physical or organizational locations. The on-chain record reflects the multi-sig structure: the script or contract behind the address itself requires multiple signatures.

Multi-party computation (MPC) achieves the same functional goal differently. Instead of multiple keys that are combined to sign, MPC splits a single key into cryptographic shares distributed across multiple parties. No complete key ever exists in one place; the signing operation happens through a distributed protocol where shares interact without any party seeing the full key. The on-chain result looks identical to a standard single-key transaction.

The practical difference: multi-sig creates a visible threshold signature policy on-chain and requires all signing parties to coordinate using blockchain-native structures. MPC is off-chain key management — more flexible, harder to audit on-chain, but also harder for an attacker to reconstruct the full key from any single point of compromise. Most institutional custodians have migrated toward MPC-based architectures over the past few years.
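
The contrast drawn above, as an added Python example that is not from the original post: a verifier enforcing a 2-of-3 multi-sig policy over three separate keys, next to three parties producing one ordinary Schnorr signature from key shares that are never combined. The group parameters are a constructed toy (far too small for real use), the function names are hypothetical, and the MPC half is simplified to additive 3-of-3 shares without the threshold and nonce-commitment rounds that production protocols add.

```python
import hashlib
import secrets

# Toy Schnorr group (constructed, far too small for real use): p = 2q + 1, g has order q.
P, Q, G = 2039, 1019, 4

def challenge(r, y, msg):
    data = f"{r}|{y}|".encode() + msg
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q

def keygen():
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)

def sign(x, y, msg):
    k = secrets.randbelow(Q - 1) + 1
    r = pow(G, k, P)
    return r, (k + challenge(r, y, msg) * x) % Q

def verify(y, msg, sig):
    r, s = sig
    return pow(G, s, P) == (r * pow(y, challenge(r, y, msg), P)) % P

def multisig_ok(pubkeys, threshold, msg, sigs):
    """Multi-sig policy: sigs maps signer index -> signature, so each key counts once."""
    valid = sum(
        1 for i, sig in sigs.items()
        if 0 <= i < len(pubkeys) and verify(pubkeys[i], msg, sig)
    )
    return valid >= threshold  # the policy (keys and threshold) is visible to the verifier

def mpc_pubkey(share_pubs):
    """Joint public key from each party's g^x_i; the sum of the x_i is never computed."""
    y = 1
    for yi in share_pubs:
        y = (y * yi) % P
    return y

def mpc_sign(shares, y, msg):
    """Each party adds a nonce and a partial s_i; only r and the summed s are published."""
    nonces = [secrets.randbelow(Q - 1) + 1 for _ in shares]
    r = 1
    for k in nonces:
        r = (r * pow(G, k, P)) % P
    e = challenge(r, y, msg)
    partials = [(k + e * x) % Q for k, x in zip(nonces, shares)]  # each computed locally
    return r, sum(partials) % Q
```

The value returned by `mpc_sign` passes the same `verify` used for a single key, which is why an observer of the chain cannot tell how many parties took part, while `multisig_ok` needs the full key list and threshold to reach a decision.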

Where Constraints Live

The regulatory constraint is the most active. The SEC's qualified custodian requirement for investment advisers has been the subject of extended guidance and litigation — the question of whether crypto assets are "funds" or "securities" affects which custody rules apply. Bank-chartered custodians (Anchorage received the first OCC charter for a digital asset bank in 2021; BNY Mellon launched digital asset custody in 2022) sit at the intersection of traditional banking regulation and crypto-specific requirements, which creates compliance complexity but also clearer institutional trust.

Insurance is a soft constraint. Custodial insurance in crypto is expensive and limited — policies typically cover theft by external hackers but not all operational failures, and coverage limits are often far below assets under custody. This gap is narrowing as the insurance market matures, but it remains a constraint on institutional scaling.

The technical constraint is key recovery. Unlike a bank account, there's no regulatory backstop for key loss. If a custodian is acquired, fails, or shuts down operations, the custody agreement needs to specify what happens to client keys. This is a real operational consideration that due diligence on any custodian should address.

What's Changing

Three structural shifts are worth tracking:

Bank-chartered custodians are normalizing. BNY Mellon, State Street, and traditional prime brokers entering digital asset custody changes the risk profile for institutional allocation — it moves crypto custody onto familiar counterparty frameworks that institutional compliance teams already understand.

Spot Bitcoin ETF approvals made qualified custody infrastructure a condition of US market access for institutional allocation. That mandate created concentrated custody demand at a small number of providers and is likely to influence where other asset managers route institutional crypto allocation.

Self-custody tooling is improving for institutions. Fireblocks, which manages wallets and transaction workflows for institutions, operates at scale using MPC. The category of "institutional self-custody" — where the institution controls keys but with enterprise-grade operational security — is a real option that wasn't meaningfully available before MPC-based tooling.

What Would Confirm This Direction

Bank-chartered custodians capturing meaningfully increasing market share from non-bank qualified custodians. Standardization of custody disclosure requirements: what insurance, audit frameworks, and key management architectures custodians must disclose. Integration of digital asset custody into existing prime brokerage relationships at scale.

What Would Break or Invalidate It

A major breach at a qualified custodian — particularly one that resulted in client losses not covered by insurance — would stress-test the entire framework. Regulatory reclassification that created inconsistent or mutually exclusive custody requirements across jurisdictions could fragment the institutional market significantly. A successful attack on a widely deployed MPC implementation would reopen the multi-sig vs MPC debate.

Timing Perspective

Now: All three custody models are operational and in production use. The qualified custody landscape for institutions is functional, and the ETF custody structure has been validated. Self-custody tools are mature.

Next: Bank-chartered custody competition and standardization of audit and disclosure requirements. The custody question for tokenized real-world assets (bonds, equities on-chain) is developing and will create new regulatory touchpoints.

Later: On-chain self-sovereign solutions for institutional use — smart contract-based custody with programmable access controls — are early and experimental. Not a near-term operational consideration.

What This Post Does Not Cover

This is an explanation of custody mechanisms. It doesn't address the tax treatment of custodial transfers, the legal nuances of beneficial ownership vs legal ownership in different jurisdictions, or how custody interacts with lending and collateral arrangements. Whether self-custody or a specific qualified custodian makes sense for a given situation depends on factors outside this scope.

The mechanism is clear. Custody is the question of who controls the key — and all the structures built around that question follow from that single constraint.
